Add config option to allow anonymous reporting

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2020-06-09 14:07:49 +02:00
parent 2e64da11e3
commit dac47d2abb
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
14 changed files with 177 additions and 47 deletions

View File

@ -26,6 +26,7 @@ Also make sure to remove the `EnvironmentFile=` line from the systemd service an
- Duplicate an event
- Ability to handle basic administration settings in the admin panel
- Added physical address change to the list of important changes that trigger event notifications
- Config option to allow anonymous reporting
### Changed
- Configuration handling (see above)

View File

@ -202,6 +202,9 @@ config :mobilizon, :anonymous,
],
captcha: [enabled: false]
}
],
reports: [
allowed: false
]
config :mobilizon, Oban,

View File

@ -92,6 +92,11 @@ config :mobilizon, :instance,
# config :mobilizon, :activitypub, sign_object_fetches: false
config :mobilizon, :anonymous,
reports: [
allowed: true
]
require Logger
cond do

View File

@ -62,7 +62,7 @@ export const COMMENTS_THREADS = gql`
}
}
}
${COMMENT_RECURSIVE_FRAGMENT}
${COMMENT_FIELDS_FRAGMENT}
`;
export const CREATE_COMMENT_FROM_EVENT = gql`

View File

@ -34,6 +34,9 @@ export const CONFIG = gql`
}
}
}
reports {
allowed
}
actorId
}
location {

View File

@ -39,6 +39,9 @@ export interface IConfig {
};
};
};
reports: {
allowed: boolean;
};
actorId: string;
};
maps: {

View File

@ -272,7 +272,7 @@
<b-icon icon="calendar-plus" />
</span>
</b-dropdown-item>
<b-dropdown-item aria-role="listitem">
<b-dropdown-item aria-role="listitem" v-if="ableToReport">
<span @click="isReportModalActive = true">
{{ $t("Report") }}
<b-icon icon="flag" />
@ -750,14 +750,25 @@ export default class Event extends EventMixin {
async reportEvent(content: string, forward: boolean) {
this.isReportModalActive = false;
// @ts-ignore
this.$refs.reportModal.close();
if (!this.event.organizerActor) return;
const eventTitle = this.event.title;
let reporterId = null;
if (this.currentActor.id) {
reporterId = this.currentActor.id;
} else {
if (this.config.anonymous.reports.allowed) {
reporterId = this.config.anonymous.actorId;
}
}
if (!reporterId) return;
try {
await this.$apollo.mutate<IReport>({
mutation: CREATE_REPORT,
variables: {
eventId: this.event.id,
reporterId: this.currentActor.id,
reporterId,
reportedId: this.event.organizerActor.id,
content,
forward,
@ -996,6 +1007,12 @@ export default class Event extends EventMixin {
await removeAnonymousParticipation(this.uuid);
this.anonymousParticipation = null;
}
get ableToReport(): boolean {
return (
this.config && (this.currentActor.id != undefined || this.config.anonymous.reports.allowed)
);
}
}
</script>
<style lang="scss" scoped>

View File

@ -154,7 +154,7 @@ import Subtitle from "../components/Utils/Subtitle.vue";
};
},
update: (data) =>
data.loggedUser.participations.map(
data.loggedUser.participations.elements.map(
(participation: IParticipant) => new Participant(participation)
),
skip() {

View File

@ -89,6 +89,9 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
}
}
},
reports: %{
allowed: Config.anonymous_reporting?()
},
actor_id: Config.anonymous_actor_id()
},
geocoding: %{

View File

@ -60,9 +60,10 @@ defmodule Mobilizon.GraphQL.Resolvers.Event do
end
end
def check_event_access(%Event{local: true}), do: true
@spec check_event_access(Event.t()) :: boolean()
defp check_event_access(%Event{local: true}), do: true
def check_event_access(%Event{url: url}) do
defp check_event_access(%Event{url: url}) do
relay_actor_id = Config.relay_actor_id()
Events.check_if_event_has_instance_follow(url, relay_actor_id)
end

View File

@ -7,6 +7,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
alias Mobilizon.Actors
alias Mobilizon.Actors.Actor
alias Mobilizon.Config
alias Mobilizon.Reports
alias Mobilizon.Reports.{Note, Report}
alias Mobilizon.Users.User
@ -47,7 +48,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
def create_report(
_parent,
%{reporter_id: reporter_id} = args,
%{context: %{current_user: user}} = _resolution
%{context: %{current_user: %User{} = user}} = _resolution
) do
with {:is_owned, %Actor{}} <- User.owns_actor(user, reporter_id),
{:ok, _, %Report{} = report} <- API.Reports.report(args) do
@ -61,6 +62,31 @@ defmodule Mobilizon.GraphQL.Resolvers.Report do
end
end
@doc """
Create a report anonymously if allowed
"""
def create_report(
_parent,
%{reporter_id: reporter_id} = args,
_resolution
) do
with {:anonymous_reporting_allowed, true} <-
{:anonymous_reporting_allowed, Config.anonymous_reporting?()},
{:wrong_id, true} <- {:wrong_id, reporter_id == to_string(Config.anonymous_actor_id())},
{:ok, _, %Report{} = report} <- API.Reports.report(args) do
{:ok, report}
else
{:anonymous_reporting_allowed, _} ->
{:error, "You need to be logged-in to create reports"}
{:wrong_id, _} ->
{:error, "Reporter ID is not the anonymous actor id"}
_error ->
{:error, "Error while saving report"}
end
end
def create_report(_parent, _args, _resolution) do
{:error, "You need to be logged-in to create reports"}
end

View File

@ -59,6 +59,7 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
object :anonymous do
field(:participation, :anonymous_participation)
field(:event_creation, :anonymous_event_creation)
field(:reports, :anonymous_reports)
field(:actor_id, :id)
end
@ -100,6 +101,10 @@ defmodule Mobilizon.GraphQL.Schema.ConfigType do
field(:enabled, :boolean)
end
object :anonymous_reports do
field(:allowed, :boolean)
end
object :resource_provider do
field(:type, :string)
field(:endpoint, :string)

View File

@ -139,6 +139,10 @@ defmodule Mobilizon.Config do
:enabled
]
@spec anonymous_reporting? :: boolean
def anonymous_reporting?,
do: Application.get_env(:mobilizon, :anonymous)[:reports][:allowed]
def instance_resource_providers do
types = get_in(Application.get_env(:mobilizon, Mobilizon.Service.ResourceProviders), [:types])

View File

@ -1,9 +1,11 @@
defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
use Mobilizon.Web.ConnCase
use Mobilizon.Tests.Helpers
import Mobilizon.Factory
alias Mobilizon.Actors.Actor
alias Mobilizon.Config
alias Mobilizon.Events.Event
alias Mobilizon.Reports.{Note, Report}
alias Mobilizon.Users.User
@ -11,67 +13,124 @@ defmodule Mobilizon.GraphQL.Resolvers.ReportTest do
alias Mobilizon.GraphQL.AbsintheHelpers
describe "Resolver: Report a content" do
@create_report_mutation """
mutation CreateReport($reporterId: ID!, $reportedId: ID!, $eventId: ID, $content: String) {
createReport(
reporterId: $reporterId,
reportedId: $reportedId,
eventId: $eventId,
content: $content
) {
content,
reporter {
id
},
event {
id
},
status
}
}
"""
clear_config([:anonymous, :reports])
setup %{conn: conn} do
Mobilizon.Config.clear_config_cache()
anonymous_actor_id = Config.anonymous_actor_id()
{:ok, conn: conn, anonymous_actor_id: anonymous_actor_id}
end
test "create_report/3 creates a report", %{conn: conn} do
%User{} = user_reporter = insert(:user)
%Actor{} = reporter = insert(:actor, user: user_reporter)
%Actor{} = reported = insert(:actor)
%Event{} = event = insert(:event, organizer_actor: reported)
mutation = """
mutation {
createReport(
reporter_id: #{reporter.id},
reported_id: #{reported.id},
event_id: #{event.id},
content: "This is an issue"
) {
content,
reporter {
id
},
event {
id
},
status
}
}
"""
res =
conn
|> auth_conn(user_reporter)
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: reporter.id,
eventId: event.id,
content: "This is an issue"
}
)
assert json_response(res, 200)["errors"] == nil
assert json_response(res, 200)["data"]["createReport"]["content"] == "This is an issue"
assert json_response(res, 200)["data"]["createReport"]["status"] == "OPEN"
assert json_response(res, 200)["data"]["createReport"]["event"]["id"] == to_string(event.id)
assert res["errors"] == nil
assert res["data"]["createReport"]["content"] == "This is an issue"
assert res["data"]["createReport"]["status"] == "OPEN"
assert res["data"]["createReport"]["event"]["id"] == to_string(event.id)
assert json_response(res, 200)["data"]["createReport"]["reporter"]["id"] ==
assert res["data"]["createReport"]["reporter"]["id"] ==
to_string(reporter.id)
end
test "create_report/3 without being connected doesn't create any report", %{conn: conn} do
%Actor{} = reported = insert(:actor)
mutation = """
mutation {
createReport(
reported_id: #{reported.id},
reporter_id: 5,
content: "This is an issue"
) {
content
}
}
"""
res =
conn
|> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: 5,
content: "This is an issue"
}
)
assert res["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in to create reports"
end
test "create_report/3 anonymously creates a report if config has allowed", %{
conn: conn,
anonymous_actor_id: anonymous_actor_id
} do
%Actor{} = reported = insert(:actor)
Config.put([:anonymous, :reports, :allowed], true)
res =
conn
|> post("/api", AbsintheHelpers.mutation_skeleton(mutation))
|> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: anonymous_actor_id,
content: "This is an issue"
}
)
assert json_response(res, 200)["errors"] |> hd |> Map.get("message") ==
"You need to be logged-in to create reports"
assert is_nil(res["errors"])
assert res["data"]["createReport"]["content"] == "This is an issue"
assert res["data"]["createReport"]["status"] == "OPEN"
assert res["data"]["createReport"]["reporter"]["id"] ==
to_string(anonymous_actor_id)
end
test "create_report/3 anonymously doesn't creates a report if the anonymous actor ID is wrong",
%{conn: conn} do
%Actor{} = reported = insert(:actor)
Config.put([:anonymous, :reports, :allowed], true)
res =
conn
|> AbsintheHelpers.graphql_query(
query: @create_report_mutation,
variables: %{
reportedId: reported.id,
reporterId: 53,
content: "This is an issue"
}
)
assert res["errors"] |> hd |> Map.get("message") ==
"Reporter ID is not the anonymous actor id"
end
end